The Precarious Gmail Phishing Scam That You Must Know

Most of us begin our days by checking our mail. Even though instant messaging apps like WhatsApp and Facebook Messenger have gotten immensely popular, Email still remains the preferred choice when it comes to proper communication. And when it comes to email services, Gmail is undoubtedly the most popular out there. Gmail offers numerous features such as smart search, label support, tight integration with other Google services like Drive and Hangouts, as well as a large amount of storage. But as powerful as it is, Gmail is not the only email service out there. In fact, there are quite a few email service providers that are almost equally (or at times, even more) feature-laden as Gmail. But is Gmail completely safe? Is there any chance this trusted email service can threat us?
But beware! There is a new online scam targeting Gmail users. Termed as Gmail Phishing, this particular scam is said to be fooling even the most technology-savvy users.
Don’t take us for the word that this has fooled tech-savvy’s. according to Mark Maunder, CEO of WordPress security service Wordfence, the scam has managed to convince even “experienced technical users”, and is targeting other services in addition to Gmail. Did we also tell you that he is the guy who found the scam in the first place?

How does the Gmail Phishing work?

The attacker sends an email to a Gmail user’s account. This particular email is likely to come from someone that you know already know and who have had their account hacked using this same technique. It may also include an attachment that looks like something that you previously sent to this contact and is also likely to have a relevant subject line.
Once you click the image/attachment in the expectation of getting a preview of the attachment, it will instead open a new tab. This new tab will then prompt to sign into Gmail again. Now normally, one would wrinkle up their nose and think, but I just signed-in. If you shrug who-cares, and sign-in again, you are straight away walking into a beautifully laid trap.

The Trap

It is very likely that the victims might not easily notice that hack. Because the location bar shows accounts.google.com. Once the hackers get access to your account, they gain complete access to all your emails. Including the entire, lot of emails that have been sent and received. Once they control their email address, they can easily compromise a wide variety of other services that you use by using the password reset mechanizes including other email accounts and more.

How to protect yourself from these attacks?

When you sign-in to any service, check the browser location bar and verify the protocol, then verify the hostname. Ensure that before the hostname, there should be nothing other than https:// and the lock symbol.
If you have access to the two-factor authentication, do enable it. Because enabling the two factor authentication makes it much more difficult for an attacker to sign into a service that you use. This works even if the hackers manage to steal your password using this technique.

8 Alternatives to Gmail that is worth trying out

1. Outlook.com

If you’re heavily invested in the Microsoft ecosystem, Outlook.com is a no brainer. It is granularly integrated with other Microsoft products such as OneDrive and Office Online and thus, provides a seamless experience. It comes with advanced calendar, tasks and contacts sub-modules for easy management of your daily workflow.
Outlook.com also has features like Sweep, Pin, Aliases and built-in Chat that help in better collaboration and organization of email. It can automatically sort email based on user-specified parameters. The availability of apps across all platforms ensures that you can manage your email effectively regardless of the OS you use. There’s unlimited storage as well.

2. Zoho

Although Zoho has quite a few features, what makes it stand out from the rest is that the email service doesn’t display any ads in the interface at all, not even in the free account. It provides a minimalistic user interface with multiple layouts that let you configure the display as per your preferences. Zoho mail fully supports all modern email protocols such as IMAP and Exchange ActiveSync. It even comes with a full-blown online productivity suite that can be used to create/edit documents, spreadsheets and presentations. It was co-founded by India-based Sridhar Vembu.
At the free level, Zoho provides 5GB of email storage and 5GB of document storage space. These can be easily upgraded through one of the paid plans.

3. Yandex

While its name might seem a little unfamiliar, the fact is that Yandex mail is backed by its namesake company, which operates the largest search engine in Russia. The service provides 10GB of free email space. Interestingly, the company claims that the email storage automatically increases by 1GB every time the free space falls below 200MB.
Among the many features of Yandex mail are the ability to group messages into conversations, labels, file preview/playback support and antivirus scanning for incoming messages. It also supports email protocols such as POP and IMAP. Oh, and creating a free account also gives you access to the companion Yandex Disk cloud storage service, which offers 10GB of free cloud storage.

4. Mail.ru

Another popular email service coming from Russia, Mail.ru is backed by its namesake internet company, which operates numerous other websites that are claimed to have the largest audience in Russia. The email service itself is pretty feature laden, with everything from folders to rule-based message sorting to themes included in the package.
Mail.ru supports popular email formats and can pull emails from other email services like Gmail as well, making the transition even simpler. Its companion cloud storage service provides 25GB of free cloud storage space, and companion apps exist on all major platforms. Some other important features of Mail.ru include two factor authentication, multiple aliases and calendar support.

5. ProtonMail

If you’re looking for a secure email service, ProtonMail is arguably one of the best you can find. Created by scientists and researchers from institutions as renowned as MIT and CERN, ProtonMail is an encrypted email service that’s hosted in Switzerland, which has strict privacy laws.
It features end-to-end encryption and is based on open-source code. ProtonMail achieves bi-layered security by associating not one, but two passwords with user accounts – one for logging in and another for encrypting/decrypting the email contents. Its mobile apps are available on iOS and Android as well.

6. Tutanota

Want a secure email service that does the basics right without becoming too complicated? Tutanota might just be what you need. All of the emails sent or received between Tutanota email addresses are end-to-end encrypted, and those sent to regular email addresses can be optionally encrypted with user specified passwords.
Even the email subject and attachments are encrypted. Tutanota is open-source and thus enables security experts to fully verify the code that’s used to protect email messages. Tutanota has native apps available on both iOS and Android, and is based in Germany.

7. Scryptmail

Scryptmail is another really good secure email service that features end-to-end encryption. It doesn’t store any data (not even metadata) on its servers. Its code can be verified by anyone and no third party scripts are allowed. The company claims that all communication is secured with a user-specified passphrase that stays on the source machine only.
It comes with strong HTTPS encryption and is fully compatible with standard protocols to exchange public encryption keys among users. Regular messages sent to common email services can be encrypted using PIN codes. You can create disposable email accounts as well.

8. Vivaldi

Vivaldi mail comes from its namesake Vivaldi Technologies, a company founded by Jon Stephenson von Tetzchner, who also happens to be the co-founder and former CEO of Opera Software (yep, the developer of popular Opera browser).
What’s interesting about Vivaldi is that it has a really clean and minimal user interface, devoid of extra things like chat, ads or anything like that. The contacts sub-module lets you easily manage all your contacts, and there’s a calendar sub-module for managing appointments included in the mix too. You can also manually create and manage folders.
So there you have it! 9 Gmail alternatives worth trying out.

To be on the safe side, here are a few tips that you can follow to ensure safety of your emails:

1. Set up a second e-mail account for newsletters and the like: Mailing lists may give the address to others. The more unwanted e-mail you get, the greater the potential for receiving malicious files.
2. Don’t open attachments or click on links from unknown sources: Keep anti-virus and browser software updated — don’t hit Ignore when those update reminders pop up.
3. Be smart with your password: Ideally, it shouldn’t be a word found in a dictionary. And don’t choose an obvious security-question answer, like your mother’s maiden name.
4. Don’t trust public Wi-Fi: It’s fine for general Web browsing, but avoid using it for anything that you log on to.